[pull] master from trinodb:master

core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControl.java

@@ -127,26 +127,14 @@ default void checkCanSetUser(Optional<Principal> principal, String userName)
         denySetUser(principal, userName);
     }
 
-    /**
-     * Checks if identity can execute a query.
-     *
-     * @throws AccessDeniedException if not allowed
-     * @deprecated use {@link #checkCanExecuteQuery(Identity, QueryId)}
-     */
-    @Deprecated
-    default void checkCanExecuteQuery(Identity identity)
-    {
-        denyExecuteQuery();
-    }
-
     /**
      * Checks if identity can execute a query.
      *
      * @throws AccessDeniedException if not allowed
      */
     default void checkCanExecuteQuery(Identity identity, QueryId queryId)
     {
-        checkCanExecuteQuery(identity);
+        denyExecuteQuery();
     }
 
     /**
@@ -203,26 +191,14 @@ default void checkCanWriteSystemInformation(Identity identity)
         denyWriteSystemInformationAccess();
     }
 
-    /**
-     * Check if identity is allowed to set the specified system property.
-     *
-     * @throws AccessDeniedException if not allowed
-     * @deprecated use {@link #checkCanSetSystemSessionProperty(Identity, QueryId, String)}
-     */
-    @Deprecated
-    default void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
-    {
-        denySetSystemSessionProperty(propertyName);
-    }
-
     /**
      * Check if identity is allowed to set the specified system property.
      *
      * @throws AccessDeniedException if not allowed
      */
     default void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {
-        checkCanSetSystemSessionProperty(identity, propertyName);
+        denySetSystemSessionProperty(propertyName);
     }
 
     /**

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/AllowAllSystemAccessControl.java

@@ -80,9 +80,6 @@ public void checkCanReadSystemInformation(Identity identity) {}
     @Override
     public void checkCanWriteSystemInformation(Identity identity) {}
 
-    @Override
-    public void checkCanExecuteQuery(Identity identity) {}
-
     @Override
     public void checkCanExecuteQuery(Identity identity, QueryId queryId) {}
 
@@ -98,9 +95,6 @@ public Collection<Identity> filterViewQueryOwnedBy(Identity identity, Collection
         return queryOwners;
     }
 
-    @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) {}
-
     @Override
     public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName) {}
 

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedSystemAccessControl.java

@@ -304,19 +304,13 @@ public void checkCanSetUser(Optional<Principal> principal, String userName)
     }
 
     @Override
-    public void checkCanExecuteQuery(Identity identity)
+    public void checkCanExecuteQuery(Identity identity, QueryId queryId)
     {
         if (!canAccessQuery(identity, Optional.empty(), QueryAccessRule.AccessMode.EXECUTE)) {
             denyExecuteQuery();
         }
     }
 
-    @Override
-    public void checkCanExecuteQuery(Identity identity, QueryId queryId)
-    {
-        checkCanExecuteQuery(identity);
-    }
-
     @Override
     public void checkCanViewQueryOwnedBy(Identity identity, Identity queryOwner)
     {
@@ -386,7 +380,7 @@ private boolean checkCanSystemInformation(Identity identity, SystemInformationRu
     }
 
     @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
+    public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {
         boolean allowed = sessionPropertyRules.stream()
                 .map(rule -> rule.match(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), propertyName))
@@ -398,12 +392,6 @@ public void checkCanSetSystemSessionProperty(Identity identity, String propertyN
         }
     }
 
-    @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
-    {
-        checkCanSetSystemSessionProperty(identity, propertyName);
-    }
-
     @Override
     public boolean canAccessCatalog(SystemSecurityContext context, String catalogName)
     {

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/ForwardingSystemAccessControl.java

@@ -83,12 +83,6 @@ public void checkCanWriteSystemInformation(Identity identity)
         delegate().checkCanWriteSystemInformation(identity);
     }
 
-    @Override
-    public void checkCanExecuteQuery(Identity identity)
-    {
-        delegate().checkCanExecuteQuery(identity);
-    }
-
     @Override
     public void checkCanExecuteQuery(Identity identity, QueryId queryId)
     {
@@ -113,12 +107,6 @@ public void checkCanKillQueryOwnedBy(Identity identity, Identity queryOwner)
         delegate().checkCanKillQueryOwnedBy(identity, queryOwner);
     }
 
-    @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
-    {
-        delegate().checkCanSetSystemSessionProperty(identity, propertyName);
-    }
-
     @Override
     public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {

plugin/trino-mongodb/pom.xml

@@ -14,7 +14,7 @@
 
     <properties>
         <air.compiler.fail-warnings>true</air.compiler.fail-warnings>
-        <mongo-java.version>5.2.0</mongo-java.version>
+        <mongo-java.version>5.2.1</mongo-java.version>
     </properties>
 
     <dependencies>

plugin/trino-opa/src/main/java/io/trino/plugin/opa/OpaAccessControl.java

@@ -31,6 +31,7 @@
 import io.trino.plugin.opa.schema.TrinoSchema;
 import io.trino.plugin.opa.schema.TrinoTable;
 import io.trino.plugin.opa.schema.TrinoUser;
+import io.trino.spi.QueryId;
 import io.trino.spi.connector.CatalogSchemaName;
 import io.trino.spi.connector.CatalogSchemaRoutineName;
 import io.trino.spi.connector.CatalogSchemaTableName;
@@ -115,7 +116,7 @@ public void checkCanSetUser(Optional<Principal> principal, String userName)
     {}
 
     @Override
-    public void checkCanExecuteQuery(Identity identity)
+    public void checkCanExecuteQuery(Identity identity, QueryId queryId)
     {
         opaHighLevelClient.queryAndEnforce(buildQueryContext(identity), "ExecuteQuery", AccessDeniedException::denyExecuteQuery);
     }
@@ -156,7 +157,7 @@ public void checkCanWriteSystemInformation(Identity identity)
     }
 
     @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
+    public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {
         opaHighLevelClient.queryAndEnforce(
                 buildQueryContext(identity),

plugin/trino-opa/src/test/java/io/trino/plugin/opa/TestConstants.java

@@ -17,6 +17,7 @@
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.trace.Tracer;
 import io.trino.execution.QueryIdGenerator;
+import io.trino.spi.QueryId;
 import io.trino.spi.connector.CatalogSchemaTableName;
 import io.trino.spi.security.Identity;
 import io.trino.spi.security.SystemAccessControlFactory;
@@ -59,6 +60,7 @@ private TestConstants() {}
     public static final URI OPA_ROW_FILTERING_URI = URI.create("http://my-row-filtering-uri/");
     public static final URI OPA_COLUMN_MASKING_URI = URI.create("http://my-column-masking-uri/");
     public static final Identity TEST_IDENTITY = Identity.forUser("source-user").withGroups(ImmutableSet.of("some-group")).build();
+    public static final QueryId TEST_QUERY_ID = QueryId.valueOf("abcde");
     public static final SystemSecurityContext TEST_SECURITY_CONTEXT = new SystemSecurityContext(TEST_IDENTITY, new QueryIdGenerator().createNextQueryId(), Instant.now());
     public static final CatalogSchemaTableName TEST_COLUMN_MASKING_TABLE_NAME = new CatalogSchemaTableName("some_catalog", "some_schema", "some_table");
 

plugin/trino-opa/src/test/java/io/trino/plugin/opa/TestOpaAccessControl.java

@@ -61,6 +61,7 @@
 import static io.trino.plugin.opa.TestConstants.SERVER_ERROR_RESPONSE;
 import static io.trino.plugin.opa.TestConstants.TEST_COLUMN_MASKING_TABLE_NAME;
 import static io.trino.plugin.opa.TestConstants.TEST_IDENTITY;
+import static io.trino.plugin.opa.TestConstants.TEST_QUERY_ID;
 import static io.trino.plugin.opa.TestConstants.TEST_SECURITY_CONTEXT;
 import static io.trino.plugin.opa.TestConstants.UNDEFINED_RESPONSE;
 import static io.trino.plugin.opa.TestConstants.columnMaskingOpaConfig;
@@ -93,13 +94,13 @@ public void testResponseHasExtraFields()
                         }\
                         """));
         OpaAccessControl authorizer = createOpaAuthorizer(simpleOpaConfig(), mockClient);
-        authorizer.checkCanExecuteQuery(TEST_IDENTITY);
+        authorizer.checkCanExecuteQuery(TEST_IDENTITY, TEST_QUERY_ID);
     }
 
     @Test
     public void testNoResourceAction()
     {
-        testNoResourceAction("ExecuteQuery", OpaAccessControl::checkCanExecuteQuery);
+        testNoResourceAction("ExecuteQuery", (opaAccessControl, identity) -> opaAccessControl.checkCanExecuteQuery(identity, TEST_QUERY_ID));
         testNoResourceAction("ReadSystemInformation", OpaAccessControl::checkCanReadSystemInformation);
         testNoResourceAction("WriteSystemInformation", OpaAccessControl::checkCanWriteSystemInformation);
     }
@@ -242,7 +243,7 @@ private void testIdentityResourceActions(
     @Test
     public void testStringResourceAction()
     {
-        testStringResourceAction("SetSystemSessionProperty", "systemSessionProperty", (accessControl, systemSecurityContext, argument) -> accessControl.checkCanSetSystemSessionProperty(systemSecurityContext.getIdentity(), argument));
+        testStringResourceAction("SetSystemSessionProperty", "systemSessionProperty", (accessControl, systemSecurityContext, argument) -> accessControl.checkCanSetSystemSessionProperty(systemSecurityContext.getIdentity(), TEST_QUERY_ID, argument));
         testStringResourceAction("CreateCatalog", "catalog", OpaAccessControl::checkCanCreateCatalog);
         testStringResourceAction("DropCatalog", "catalog", OpaAccessControl::checkCanDropCatalog);
         testStringResourceAction("ShowSchemas", "catalog", OpaAccessControl::checkCanShowSchemas);
@@ -665,7 +666,7 @@ private void testRequestContextContentsForGivenTrinoVersion(Optional<SystemAcces
                 accessControlContext);
         Identity sampleIdentityWithGroups = Identity.forUser("test_user").withGroups(ImmutableSet.of("some_group")).build();
 
-        authorizer.checkCanExecuteQuery(sampleIdentityWithGroups);
+        authorizer.checkCanExecuteQuery(sampleIdentityWithGroups, TEST_QUERY_ID);
 
         String expectedRequest =
                 """

plugin/trino-openlineage/pom.xml

@@ -61,7 +61,7 @@
         <dependency>
             <groupId>io.openlineage</groupId>
             <artifactId>openlineage-java</artifactId>
-            <version>1.23.0</version>
+            <version>1.24.2</version>
             <!-- the reason for exclusion is issue while building plugin manifesting -->
             <!-- in following error: -->
             <!-- Found duplicate and different classes in -->

plugin/trino-opensearch/pom.xml

@@ -15,7 +15,7 @@
 
     <properties>
         <air.compiler.fail-warnings>true</air.compiler.fail-warnings>
-        <dep.opensearch.version>2.17.1</dep.opensearch.version>
+        <dep.opensearch.version>2.18.0</dep.opensearch.version>
     </properties>
 
     <dependencies>

pom.xml

@@ -191,7 +191,7 @@
         <dep.confluent.version>7.7.1</dep.confluent.version>
         <dep.docker.images.version>102</dep.docker.images.version>
         <dep.drift.version>1.22</dep.drift.version>
-        <dep.flyway.version>10.20.1</dep.flyway.version>
+        <dep.flyway.version>10.21.0</dep.flyway.version>
         <dep.frontend-maven-plugin.version>1.15.1</dep.frontend-maven-plugin.version>
         <dep.frontend-node.version>v20.17.0</dep.frontend-node.version>
         <dep.frontend-npm.version>10.8.3</dep.frontend-npm.version>
@@ -212,7 +212,7 @@
         <dep.takari.version>2.2.0</dep.takari.version>
         <dep.tcnative.version>2.0.69.Final</dep.tcnative.version>
         <dep.tempto.version>202</dep.tempto.version>
-        <dep.wire.version>4.9.9</dep.wire.version>
+        <dep.wire.version>4.9.11</dep.wire.version>
         <dep.zookeeper.version>3.9.3</dep.zookeeper.version>
         <extraJavaVectorArgs>--add-modules=jdk.incubator.vector</extraJavaVectorArgs>
         <!--
@@ -309,7 +309,7 @@
             <dependency>
                 <groupId>software.amazon.awssdk</groupId>
                 <artifactId>bom</artifactId>
-                <version>2.29.6</version>
+                <version>2.29.8</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -1913,13 +1913,13 @@
             <dependency>
                 <groupId>org.apache.httpcomponents.client5</groupId>
                 <artifactId>httpclient5</artifactId>
-                <version>5.3.1</version>
+                <version>5.4.1</version>
             </dependency>
 
             <dependency>
                 <groupId>org.apache.httpcomponents.core5</groupId>
                 <artifactId>httpcore5</artifactId>
-                <version>5.3</version>
+                <version>5.3.1</version>
             </dependency>
 
             <dependency>